Get service account credentials APIedit
This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Retrieves all service credentials for a service account.
Requestedit
GET /_security/service/<namespace>/<service>/credential
Prerequisitesedit
-
To use this API, you must have at least the
manage_service_accountcluster privilege.
Descriptionedit
In production mode, service accounts require TLS on the HTTP interface. A runtime check prevents you from invoking any related APIs or authenticating with a service account token unless TLS is enabled on the HTTP interface. See encrypt HTTP client communications for Elasticsearch.
Use this API to retrieve a list of credentials for a service account. The response includes service account tokens that were created with the << create service account API >> as well as file-backed tokens that are local to the node.
For tokens backed by the service_tokens file, the API only returns
tokens defined in the file local to the node against which the request was issued.
Path parametersedit
-
namespace - (Required, string) Name of the namespace.
-
service - (Required, string) Name of the service name.
Examplesedit
The following request uses the create service account token API to create a service account token named token1
in the elastic/fleet-server service account:
POST /_security/service/elastic/fleet-server/credential/token/token1
The following request returns all credentials for the elastic/fleet-server
service account:
GET /_security/service/elastic/fleet-server/credential
The response includes all credentials related to the specified service account: